I am having a difficult time figuring out how to correctly implement this api. Any help would be super appreciated!!
I am using CURL in PHP., Getting this Result(N0 CSRF token)
EDIT:
I never found a way around this, but I only needed to add a user account, so I found a workaround that allowed me to include the createAndPromote.php file without using shell_exec.
The maintenance.php file has a function called setup. This function checks to see if the request is from the command line, or if it's from the server. If it's from the server, typically it will give you an error and exit stating you can only run this script from the command line.
In my case, my hosting provider does not allow me access to the command line version of PHP.exe through the shell_exec function, so I am forced to include the file instead.
That being said, normally I would have gotten an error for having the $_SERVER array populated. So instead of un-setting the array, I defined a constant that specifies to skip the check that sees if the $_SERVER variable is set, that way it only skips when the __SKIP_CHECK__ constant is set.
Next, I had to simulate command line arguments. This was simple, I did this by setting the following array variables(in the script that was including createandpromote.php):
In all, I placed this code in my "calling file":
define('__SKIP_CHECK__', true);
$_GET = $_POST;
$path = realpath('../wiki/maintenance/createAndPromote.php');
$argv[0] = $path;
$argv[1] = $username;
$argv[2] = $password;
include($path);
$wikiSuccess = false;
if(defined('__ADD_RESULT__'))
{
$wikiSuccess = true;
}
$result = ["success"=>true, "message"=>"User Created", "title"=>"Success", "wikiSuccess"=>$wikiSuccess];
In the maintenance file, I added the bolded code below:
/**
* Do some sanity checking and basic setup
*/
public function setup() {
global $IP, $wgCommandLineMode, $wgRequestTime;
if(!defined('__SKIP_CHECK__'))
{
# Abort if called from a web server
if ( isset( $_SERVER ) && isset( $_SERVER['REQUEST_METHOD'] ) ) {
$this->error( 'This script must be run from the command line', true );
}
}
Near the end of the file in the createandpromote.php file, I added the below bolded code:
if(defined('__SKIP_CHECK__'))
{
define('__ADD_RESULT__', true);
}
else
{
$this->output( "done.\n" );
}
In conclusion, this works for me because I wanted to automate the process of adding wiki users when I added users to my site and the api was not working for me for some reason. I hope this is helpful to someone who is tearing their hair out for hours trying to find something useful, like I was. Additionally, this could probably be expounded on a bit, in order to include groups, which may be something I look deeper into later, but for now, this solves my problem. Good Luck!